Posts by JohnFen

Re: Blockchain is a ledger, first and foremost

"Can you name something that you can do on a blockchain that isn't possible on a different storage format?"

I think that's the wrong question. The right question is "what can you accomplish with a blockchain that can't already be accomplished at least as well with other methods?" If block chain did nothing new, but did the old stuff in a much better way, that would still make it very valuable.

Re: Colour me unsurprised.

"Just that there are no conventional uses for blockchain, which is not quite the same thing."

Those are different things, but what non-conventional uses are there for blockchain that can't be already be addressed at least equally well by more established approaches?

I've spent most of my career strenuously trying to avoid becoming management. I think having an MBA would be counterproductive in that effort.

Re: Occam's belt sander says-

"and write them on their whiteboards so other people will know how to deal with them."

I've never experience this in any place that I've worked, but if I did I would be sorely tempted to select my four letters based on how that would make people treat me, rather than based on a stupid test.

"You'll be stuck with 2% annual increases otherwise. But if you change jobs (companies) every 2-3 years you'll get a 10-15% bump each time."

I've been in the industry for about 30 years now, and this has been my experience. The only times I've seen significant salary increases is when I've changed jobs (I have a habit of asking for 20% more than I was paid in my previous job, and on average get a bit more than 10% over).

Re: What does that make me?

Lawsuits for what?

In the US, anyway, you are allowed to discriminate against applicants for any reason that isn't in the short list of protected classes (age, sex, religion, etc.) "Lack of personality" would be a legally acceptable reason to not hire someone, as would "I don't like you".

Re: Use biometric authentication on mobile phone apps ?

Biometrics have a legitimate role to play in the security realm, but that role isn't really authentication.

Re: Spackle?

In my corner of Leftpondia, anyway, "grout" and "spackle" are two different things.

Re: It's a hard problem

SQRL is certainly interesting, but it only covers the web.

Yes. I avoid buying anything that the manufacturer is specifically trying to block me from fixing. This is one of the reasons that Apple gear is a nonstarter.

Re: Train WiFi was actually that bad for a while

""What is every character of your home address""

Ugh. I meant "What is every other character of your home address".

Re: In all fairness

"unless you eliminate all of them, or at least all of them you consider practical given your threat assessment, you're just deceiving yourself."

The first law of security is "if it can be accessed legally, it can be accessed illegally". If you are ever considering yourself "secure" in an absolute sense, you're deceiving yourself, period.

That doesn't mean that it's pointless to engage in any security that isn't 100% comprehensive. All steps taken are of value. The more comprehensive your defenses are, the better, of course -- but I don't think it's a good idea to imply that even a meager defense isn't worth doing.

WiFi is one of the weakest links in a network, because there are relatively low-skill attacks readily available for it. As such, it seems worth at least securing that better even if you don't do anything else.

Viruses are only one of a whole range of security threats. When I think WiFi (whether open or not), the first threat that comes to mind isn't viruses -- it's a MITM attack that allows others who are in the broadcast range of the hotspot to insert themselves into my datastream. Even a properly set up WiFi AP does not provide good enough protection against this sort of thing.

What really opened my eyes about this is when I did pentesting of my own network. I had a properly set up and encrypted WiFi AP, and was still able MITM any device connected to it without having to know the WPA2 credentials.

That's when I started using a VPN with all WiFi APs.

Re: Train WiFi was actually that bad for a while

Security questions are notoriously poor security, as they are always things that are easy and reliable for people to remember -- thus are things that can be discovered by others with a modicum of research.

For years, I've been recommending to people that if they have to set answers to security questions, don't actually answer the question asked. Use the question as code for something unrelated. "What's your favorite color?", for instance, can be reinterpreted and answered as "What is every character of your home address" or something.

Re: In all fairness

"It's only as private as the next network connection, though."

True (assuming by "next network connection" you mean the next one after the end of the VPN). But I was talking specifically about making WiFi connections secure in the face of the inadequacy of WPA2. A VPN (even a commercial one) does that very well. I was not addressing wider network security issues.

Re: In all fairness

"This is useful if you want to obscure the origin of your traffic but has no bearing on the privacy of its contents."

Except that the traffic flowing through the VPN is encrypted, so it has a great deal of bearing on the privacy of the data flow. And when you use one, as I do, that you run yourself, then you know that your VPN provider is trustworthy because your VPN provider is yourself.

Re: me no understand

"The USA isn't a theocracy"

Yet. There is a very vigorous ongoing effort to change that.

"just the weird, blank expression we've seen so often."

Ah yes, the standard unfeeling gaze of the sociopath.

Re: Telnet IS a backdoor

A correction (it's been a while since I've looked at this stuff, so my memory is imperfect). The telnet server is still provided by the telnetd package. It's called in.telnetd. If you use xinetd to wire this up, then you'll see the reference in its configuration file.

Re: Telnet IS a backdoor

"By the way, there is no such thing as a Telnet Server. There never was.

It's either the ancient inetd, which I have not seen since around 1998, or its more recent incarnation named xinetd, which is supposed to be slightly less insecure."

inetd and xinetd are used to fire up servers on-demand. Neither of those are actually proper servers in and of themselves. There is such a thing as a telnet server in both BSD and Linux. It's called telnetd. It isn't installed by default anymore, and it's very much not recommended for use, but it does exist.

In Linux these days, I think the telnet server tends to be provided by busybox instead of by an always-on daemon.

Re: On the one hand

I didn't miss that part. But I suspect we differ about what a backdoor is. In my book, a backdoor is an unadvertised method of gaining access to a system remotely. Whether or not the credentials are hardcoded doesn't matter.

I may be misunderstanding what they're doing here, but my understanding is that the telnet interface is not remotely accessible by default. I'm also willing bet it's not undocumented.

Re: Telnet IS a backdoor

What is your definition of "a backdoor"?

Re: Why would Telnet be required...

"At least someone wishing to get into the equipment would have to be onsite."

As I understand their implementation, you have to be onsite to use the telnet connection. It is not exposed to the wider network. Most, if not all, of the consumer routers I've used have had the same thing going on.

Re: I'm assuming that the USA is where the game is rigged.

"So, instead of a logical system based on income and family size we have deductions."

But nobody has to play that game. You can (mostly) just take the standard deduction and be done with it. That's what I prefer to do. Sure, I end up paying more than I'm technically obligated to, but I get repaid in terms of much less hassle and aggravation.

Re: I'm assuming that the USA is where the game is rigged.

Only if you're looking at income taxes in isolation. Taken as a whole, the difference between the two isn't so huge. And if you factor in the other differences, such as things that aren't technically taxes in the US but are mandatory anyway, that difference becomes even smaller.

Re: Oh great!

I think it depends on your goal. If it's just to bypass content restrictions, then I would pick the fastest one that isn't hosted in the affected nation.

If it's to evade government snooping, then things get a whole lot more dicey.

Re: Goes to prove

"I assume you are referring to the ads served before/during/after the content rather than it being part of the content."

I see NordVPN advertised quite a lot by the youtubers themselves as part of their content, not by YouTube's ad system.

Re: Probably fine, handled badly

"Never attribute to malice that which is adequately explained by stupidity"

If someone is doing something bad, I honestly don't care if it's due to malice or stupidity. The impact on me is the same either way.